path: root/utils/fetch_os_creds.sh
#!/bin/bash
##############################################################################
# Copyright (c) 2015 Ericsson AB and others.
# jose.lausuch@ericsson.com
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
# Strict mode for the whole script: stop on the first unhandled failure,
# treat unset variables as errors, and let any failing pipeline stage fail
# the pipeline.
set -o errexit -o nounset -o pipefail

# Print the command-line synopsis and option notes to stderr.
# Outputs: three lines on stderr, nothing on stdout.
usage() {
    printf '%s\n' \
        "usage: $0 [-v] -d <destination> -i <installer_type> -a <installer_ip> [-o <os_cacert>] [-s <ssh_key>]" \
        "[-v] Virtualized deployment" \
        "[-s <ssh_key>] Path to ssh key. For MCP deployments only" >&2
}

# Log an informational message through logger(1) under the tag
# "fetch_os_creds.info"; -s makes logger echo the message to stderr as well.
# Arguments: the message words, joined into a single string.
info ()  {
    local message="$*"
    logger -s -t "fetch_os_creds.info" "${message}"
}


# Log a message through logger(1) under the tag "fetch_os_creds.error"
# (echoed to stderr by -s) and terminate the script with status 1.
# Arguments: the message words, joined into a single string.
error () {
    local message="$*"
    logger -s -t "fetch_os_creds.error" "${message}"
    exit 1
}


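# Ping a host until it answers, giving up after 11 single-packet attempts.
# Arguments: $1 - address or host name to probe
# Returns:   0 as soon as one ping succeeds; otherwise calls error(), which
#            logs the failure and exits the script with status 1.
verify_connectivity() {
    local ip=$1
    # Loop counter is local so it cannot clobber a caller's variable.
    local attempt
    info "Verifying connectivity to $ip..."
    for (( attempt = 0; attempt <= 10; attempt++ )); do
        # Quoted so the address always reaches ping as exactly one argument,
        # whatever whitespace or glob characters it contains.
        if ping -c 1 -W 1 "$ip" > /dev/null; then
            info "$ip is reachable!"
            return 0
        fi
        sleep 1
    done
    error "Can not talk to $ip."
}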


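# Point the rc file at the public keystone endpoint.
# Globals:   public_ip (read) - value written as the new OS_AUTH_URL
#            dest_path (read) - rc file edited in place
# Arguments: $1 - any non-empty value enables the rewrite; the value that is
#                 written comes from $public_ip, not from $1
# Returns:   0 without touching the file when $1 is empty or missing.
swap_to_public() {
    # ${1:-} rather than $1: the script runs with `set -o nounset`, and a call
    # with no argument (an empty, unquoted $public_ip at the call site) would
    # otherwise abort with "unbound variable" instead of being a no-op.
    if [ -n "${1:-}" ]; then
        info "Exchanging keystone public IP in rc file to $public_ip"
        # NOTE(review): $public_ip is spliced into the sed script text. It is
        # derived from remote command output, so a backslash or newline in it
        # would change what sed executes; validate it as a URL before calling.
        sed -i  "/OS_AUTH_URL/c\export OS_AUTH_URL=\'$public_ip'" "$dest_path"
        sed -i 's/internalURL/publicURL/g' "$dest_path"
    fi
}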


# Make sure DEPLOY_TYPE is defined (empty unless already set or -v is given).
: "${DEPLOY_TYPE:=}"

# Parse the command line. The leading ':' selects getopts' silent mode, so
# unknown options and missing arguments both land in the catch-all arm.
# NOTE(review): the option string also declares "h:" (an option that takes an
# argument), but no arm handles it, so -h <arg> ends up in the catch-all too.
while getopts ":d:i:a:h:s:o:v" flag; do
    case "$flag" in
        d)
            dest_path=$OPTARG
            ;;
        i)
            installer_type=$OPTARG
            ;;
        a)
            installer_ip=$OPTARG
            ;;
        s)
            ssh_key=$OPTARG
            ;;
        o)
            os_cacert=$OPTARG
            ;;
        v)
            DEPLOY_TYPE="virt"
            ;;
        *)
            printf '%s\n' "Non-option argument: '-${OPTARG}'" >&2
            usage
            exit 2
            ;;
    esac
done

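# Fall back to the environment for anything not given on the command line.
# The inner ${VAR:-} defaults matter because the script runs with
# `set -o nounset`: without them an unset INSTALLER_TYPE or INSTALLER_IP aborts
# with "unbound variable" and the usage text below is never shown.
dest_path=${dest_path:-$HOME/opnfv-openrc.sh}
os_cacert=${os_cacert:-$HOME/os_cacert}
installer_type=${installer_type:-${INSTALLER_TYPE:-}}
installer_ip=${installer_ip:-${INSTALLER_IP:-}}

# Operands are quoted so an empty or space-containing value is tested as one
# word instead of changing the shape of the test expression.
if [ -z "$dest_path" ] || [ -z "$installer_type" ] || [ -z "$installer_ip" ]; then
    usage
    exit 2
fi

# Checking if destination path is valid
if [ -d "$dest_path" ]; then
    error "Please provide the full destination path for the credentials file including the filename"
else
    # Check if we can create the file (e.g. path is correct)
    # NOTE(review): the file is created with the caller's umask and later holds
    # OpenStack credentials; with a permissive umask it is readable by other
    # local users. Consider a restrictive umask or chmod 600 if no other
    # account needs to read it.
    touch "$dest_path" || error "Cannot create the file specified. Check that the path is correct and run the script again."
fi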


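# SSH options shared by the ssh/scp calls below. Kept as a plain string and
# expanded unquoted on purpose so it word-splits into separate arguments.
# NOTE(review): UserKnownHostsFile=/dev/null together with
# StrictHostKeyChecking=no switches host key verification off, so these
# sessions cannot detect a man-in-the-middle while passwords and OpenStack rc
# files travel over them. Pinning the installer host keys in a known_hosts
# file would close that gap.
ssh_options="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

# Start fetching the files
#
# One branch per installer type; each one copies the installer's OpenStack rc
# file to $dest_path (joid is a no-op).
#
# NOTE(review): several branches pass fixed passwords to sshpass with -p. The
# passwords are embedded in this script and appear on the command line, where
# other local users can read them from the process list. Key-based
# authentication, or sshpass -e / -f (password from the environment or a
# file), avoids both.
#
# NOTE(review): BRANCH and BUILD_TAG are read without defaults; under
# `set -o nounset` they must be present in the environment for the branches
# that use them.
info "Fetching rc file..."
if [ "$installer_type" == "fuel" ]; then
    verify_connectivity "${installer_ip}"
    # stable/danube uses old Fuel, requires user/pass; new Fuel uses keypair
    if [[ ! "${BRANCH}" =~ "danube" ]]; then
        ssh_user="ubuntu"
        # ${SSH_KEY:-} keeps nounset from aborting before the check below can
        # report the missing key.
        ssh_key="${ssh_key:-${SSH_KEY:-}}"
        if [ -z "$ssh_key" ] || [ ! -f "$ssh_key" ]; then
            # error() exits with status 1, so nothing after it would run.
            error "Please provide path to existing ssh key for mcp deployment."
        fi
        # Appended to the string form of the options, so a key path that
        # contains whitespace would be split into several arguments.
        ssh_options+=" -i ${ssh_key}"

        # retrieving controller vip
        controller_ip=$(ssh 2>/dev/null ${ssh_options} "${ssh_user}@${installer_ip}" \
            "sudo salt --out yaml 'ctl*' pillar.get _param:openstack_control_address | \
                awk '{print \$2; exit}'") &> /dev/null

        info "... from controller ${controller_ip} ..."
        ssh ${ssh_options} "${ssh_user}@${controller_ip}" \
            "sudo cat /root/keystonercv3" > "${dest_path}"

        if [[ ! "${BUILD_TAG}" =~ 'virtual' ]]; then
            ssh ${ssh_options} "${ssh_user}@${installer_ip}" \
                "cat /etc/ssl/certs/os_cacert" > "${os_cacert}"
        fi
    else
        # `|| true`: with errexit and pipefail on, a failing stage (ssh down,
        # grep without a match) would end the script at the assignment and the
        # explanatory error below would never be printed.
        env=$(sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
            'fuel env'|grep operational|head -1|awk '{print $1}') &> /dev/null || true
        if [ -z "$env" ]; then
            error "No operational environment detected in Fuel"
        fi
        env_id="${FUEL_ENV:-$env}"

        # Check if controller is alive (online='True')
        controller_ip=$(sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
            "fuel node --env ${env_id} | grep controller | grep 'True\|  1' | awk -F\| '{print \$5}' | head -1" | \
            sed 's/ //g') &> /dev/null || true

        if [ -z "$controller_ip" ]; then
            error "The controller $controller_ip is not up. Please check that the POD is correctly deployed."
        fi

        info "... from controller $controller_ip..."
        # Two hops: the installer pulls openrc from the controller, then the
        # file is copied from the installer to the local destination.
        sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
            "scp ${ssh_options} ${controller_ip}:/root/openrc ." &> /dev/null
        sshpass -p r00tme scp 2>/dev/null ${ssh_options} root@${installer_ip}:~/openrc "$dest_path" &> /dev/null
    fi
    #convert to v3 URL
    auth_url=$(grep AUTH_URL "$dest_path")
    if [[ "$auth_url" != *v3* ]]; then
        # Insert "v3" in front of the closing single quote of the URL. Quoted
        # so characters such as '?' or '*' in the URL are not glob-expanded.
        auth_url=$(printf '%s\n' "$auth_url" | sed "s|'$|v3&|")
    fi
    sed -i '/AUTH_URL/d' "$dest_path"
    printf '%s\n' "$auth_url" >> "$dest_path"

elif [ "$installer_type" == "apex" ]; then
    # RC_FILE_PATH is optional; the default keeps nounset from aborting when
    # it is not exported.
    if [ -n "${RC_FILE_PATH:-}" ]; then
        echo "RC_FILE_PATH is set: ${RC_FILE_PATH}. Copying RC FILE to ${dest_path}"
        sudo cp -f "${RC_FILE_PATH}" "${dest_path}"
    else
        if ! ipcalc -c "$installer_ip"; then
            # Not a valid address: look the undercloud VM's address up instead.
            installer_ip=$(sudo virsh domifaddr undercloud | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') || true
            # Test ipcalc's exit status directly instead of executing its
            # output as a command.
            if [ -z "$installer_ip" ] || ! ipcalc -c "$installer_ip"; then
                echo "Unable to find valid IP for Apex undercloud: ${installer_ip}"
                exit 1
            fi
        fi
        verify_connectivity "$installer_ip"

        # The credentials file is located in the Instack VM (192.0.2.1)
        # NOTE: This might change for bare metal deployments
        info "... from Instack VM $installer_ip..."
        if [ -f /root/.ssh/id_rsa ]; then
            chmod 600 /root/.ssh/id_rsa
        fi

        if [ "${BRANCH}" == "stable/fraser" ]; then
            rc_file=overcloudrc.v3
        else
            rc_file=overcloudrc
        fi
        sudo scp $ssh_options "root@${installer_ip}:/home/stack/${rc_file}" "$dest_path"
    fi
elif [ "$installer_type" == "compass" ]; then
    if [ "${BRANCH}" == "stable/danube" ]; then
        verify_connectivity "$installer_ip"
        # The dots in the address pattern are escaped so that only dotted
        # quads match, not any run of digits.
        controller_ip=$(sshpass -p'root' ssh 2>/dev/null $ssh_options root@${installer_ip} \
            'mysql -ucompass -pcompass -Dcompass -e"select *  from cluster;"' \
            | awk -F"," '{for(i=1;i<NF;i++)if($i~/\"127.0.0.1\"/) {print $(i+2);break;}}'  \
            | grep -oP "\d+\.\d+\.\d+\.\d+") || true

        if [ -z "$controller_ip" ]; then
            error "The controller $controller_ip is not up. Please check that the POD is correctly deployed."
        fi

        info "... from controller $controller_ip..."
        sshpass -p root ssh 2>/dev/null $ssh_options root@${installer_ip} \
            "scp $ssh_options ${controller_ip}:/opt/admin-openrc.sh ." &> /dev/null
        sshpass -p root scp 2>/dev/null $ssh_options root@${installer_ip}:~/admin-openrc.sh "$dest_path" &> /dev/null

        info "This file contains the mgmt keystone API, we need the public one for our rc file"

        if grep "OS_AUTH_URL.*v2" "$dest_path" > /dev/null 2>&1 ; then
            public_ip=$(sshpass -p root ssh $ssh_options root@${installer_ip} \
                "ssh ${controller_ip} 'source /opt/admin-openrc.sh; openstack endpoint show identity '" \
                | grep publicurl | awk '{print $4}')
        else
            public_ip=$(sshpass -p root ssh $ssh_options root@${installer_ip} \
                "ssh ${controller_ip} 'source /opt/admin-openrc.sh; \
                     openstack endpoint list --interface public --service identity '" \
                | grep identity | awk '{print $14}')
        fi
        info "public_ip: $public_ip"
        # Quoted so an empty value is still passed as one (empty) argument.
        swap_to_public "$public_ip"
    else
        sudo docker cp compass-tasks:/opt/openrc "$dest_path" &> /dev/null
        sudo chown "$(whoami):$(whoami)" "$dest_path"
        sudo docker cp compass-tasks:/opt/os_cacert "$os_cacert"
    fi

elif [ "$installer_type" == "joid" ]; then
    # do nothing...for the moment
    # we can either do a scp from the jumphost or use the -v option to transmit the param to the docker file
    info "Do nothing, creds will be provided through volume option at docker creation for joid"

elif [ "$installer_type" == "foreman" ]; then
    #ip_foreman="172.30.10.73"
    controller="oscontroller1.opnfv.com"
    verify_connectivity "$installer_ip"

    # Check if controller is alive (here is more difficult to get the ip from a command like "fuel node")
    # Tested directly in the `if`: under errexit a separate `$?` check after
    # the command would never be reached when the command fails.
    if ! sshpass -p vagrant ssh $ssh_options root@${installer_ip} \
        "sshpass -p Op3nStack ssh $ssh_options root@${controller} 'ls'" &> /dev/null; then
        error "The controller ${controller} is not up. Please check that the POD is correctly deployed."
    fi

    info "Fetching openrc from a Foreman Controller '${controller}'..."
    sshpass -p vagrant ssh $ssh_options root@${installer_ip} \
        "sshpass -p Op3nStack scp $ssh_options root@${controller}:~/keystonerc_admin ." &> /dev/null
    sshpass -p vagrant scp $ssh_options root@${installer_ip}:~/keystonerc_admin "$dest_path" &> /dev/null

    #This file contains the mgmt keystone API, we need the public one for our rc file
    # Strip the "...=" prefix, surrounding quotes and a trailing slash.
    admin_ip=$(grep "OS_AUTH_URL" "$dest_path" | sed 's/^.*\=//' | sed "s/^\([\"']\)\(.*\)\1\$/\2/g" | sed s'/\/$//')
    # NOTE(review): public_ip is computed here but this branch never uses it
    # afterwards; the rc file keeps the management URL.
    public_ip=$(sshpass -p vagrant ssh $ssh_options root@${installer_ip} \
        "sshpass -p Op3nStack ssh $ssh_options root@${controller} \
        'source keystonerc_admin;keystone endpoint-list'" \
        | grep "$admin_ip" | sed 's/ /\n/g' | grep ^http | head -1) &> /dev/null

elif [ "$installer_type" == "daisy" ]; then
    verify_connectivity "$installer_ip"
    cluster=$(sshpass -p r00tme ssh 2>/dev/null $ssh_options root@${installer_ip} \
            "source ~/daisyrc_admin; daisy cluster-list"|grep active|head -1|awk -F "|" '{print $3}') &> /dev/null || true
    if [ -z "$cluster" ]; then
        echo "No active cluster detected in daisy"
        exit 1
    fi

    sshpass -p r00tme scp 2>/dev/null $ssh_options root@${installer_ip}:/etc/kolla/admin-openrc.sh "$dest_path" &> /dev/null

# `[` is a command and needs spaces around its operands; written as
# `["$installer_type"` this test could never succeed and the branch was dead.
elif [ "$installer_type" == "osa" ]; then
    # Nothing in this script sets controller_ip for osa, so it has to come
    # from the environment; fail with a clear message if it does not.
    : "${controller_ip:?controller_ip must be set in the environment for the osa installer}"
    # Get RC file from control server
    # The remote command is one quoted string so the container glob is
    # expanded on the control server, never by the local shell.
    filename=$(ssh -o StrictHostKeyChecking=no root@${controller_ip} \
        "find /var/lib/lxc/controller00_nova_api_placement_container-* -name openrc")
    # Writes to dest_path, the variable the rest of the script checks.
    scp "root@${controller_ip}:${filename}" "${dest_path}"
else
    # Reports installer_type, the variable that actually holds the value.
    error "Installer $installer_type is not supported by this script"
fi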


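# Final sanity check: the selected branch must have left a regular file at
# the destination. Quoted so a path containing spaces is tested as one word.
if [ ! -f "$dest_path" ]; then
    error "There has been an error retrieving the credentials"
fi

# NOTE(review): this prints the whole credentials file to stdout. When the
# script runs under CI, its contents end up in the job log, which is often
# readable by more people than the file itself; consider masking secret
# values or dropping the dump.
echo "-------- Credentials: --------"
cat "$dest_path"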